# Cybersecurity Terms & Definitions

_Arthur Khazbulatov (MIoT221)_

## 1. Security

— A condition that results from the establishment and maintenance of protective measures that enable an organization to perform its mission or critical functions despite risks posed by threats to its use of systems. Protective measures may involve a combination of deterrence, avoidance, prevention, detection, recovery, and correction that should form part of the organization’s risk management approach. [^1]

## 2. Safety

— Freedom from conditions that can cause death, injury, occupational illness, damage to or loss of equipment or property, or damage to the environment. [^2]

## 3. Cybersecurity

— Prevention of damage to, protection of, and restoration of computers, electronic communications systems, electronic communications services, wire communication, and electronic communication, including information contained therein, to ensure its availability, integrity, authentication, confidentiality, and nonrepudiation. [^3]

## 4. Cybersecurity Event

— A cybersecurity change that may have an impact on organizational operations (including mission, capabilities, or reputation). [^4]

## 5. Cyber Attack

— Any kind of malicious activity that attempts to collect, disrupt, deny, degrade, or destroy information system resources or the information itself. [^5]

## 6. Cybersecurity Incident

— A cybersecurity event that has been determined to have an impact on the organization prompting the need for response and recovery. [^6]

## 7. Cyberspace

— A global domain within the information environment consisting of the interdependent network of information systems infrastructures including the Internet, telecommunications networks, computer systems, and embedded processors and controllers. [^7]

## 8. Cyber Threat

— Any circumstance or event with the potential to adversely impact organizational operations (including mission, functions, image, or reputation), organizational assets, or individuals through an information system via unauthorized access, destruction, disclosure, modification of information, and/or denial of service. Also, the potential for a threat-source to successfully exploit a particular information system vulnerability. [^8]

## 9. Risk

— A measure of the extent to which an entity is threatened by a potential circumstance or event, and typically a function of: the adverse impacts that would arise if the circumstance or event occurs; and the likelihood of occurrence. [^9]

## 10. Cyber Resiliency

— The ability to anticipate, withstand, recover from, and adapt to adverse conditions, stresses, attacks, or compromises on systems that use or are enabled by cyber resources. Cyber resiliency is intended to enable mission or business objectives that depend on cyber resources to be achieved in a contested cyber environment. [^10]

## 11. Asset

— An item of value to stakeholders. An asset may be tangible (e.g., a physical item such as hardware, firmware, computing platform, network device, or other technology component) or intangible (e.g., humans, data, information, software, capability, function, service, trademark, copyright, patent, intellectual property, image, or reputation). The value of an asset is determined by stakeholders in consideration of loss concerns across the entire system life cycle. Such concerns include but are not limited to business or mission concerns. [^11]

## 12. Critical Infrastructure

— Systems and assets, whether physical or virtual, so vital to the United States that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health or safety, or any combination of those matters. [^12]

_HSE Tikhonov Moscow Institute of Electronics and Mathematics_

_Moscow, 2023_

[^1]: [NIST SP 800-171 Rev. 2](https://doi.org/10.6028/NIST.SP.800-171r2) from CNSSI 4009
[^2]: [NIST SP 800-160 Vol. 2 Rev. 1](https://doi.org/10.6028/NIST.SP.800-160v2r1) from [NIST SP 800-82 Rev. 2](https://doi.org/10.6028/NIST.SP.800-82r2), [MIL-STD-882E](https://www.dau.edu/cop/armyesoh/DAU%20Sponsored%20Documents/MIL-STD-882E.pdf)
[^3]: [NISTIR 8401](https://doi.org/10.6028/NIST.IR.8401) from [NIST SP 800-53 Rev. 5](https://doi.org/10.6028/NIST.SP.800-53r5)
[^4]: [NIST SP 800-160 Vol. 2 Rev. 1](https://doi.org/10.6028/NIST.SP.800-160v2r1) from [NIST Cybersecurity Framework Version 1.1](https://doi.org/10.6028/NIST.CSWP.04162018)
[^5]: [NISTIR 8401](https://doi.org/10.6028/NIST.IR.8401)
[^6]: [NIST Privacy Framework Version 1.0](https://doi.org/10.6028/NIST.CSWP.01162020) from [NIST Cybersecurity Framework Version 1.1](https://doi.org/10.6028/NIST.CSWP.04162018)
[^7]: [NIST SP 800-39](https://doi.org/10.6028/NIST.SP.800-39) under Cyberspace from CNSSI 4009
[^8]: [NIST SP 1800-15B](https://doi.org/10.6028/NIST.SP.1800-15) under Threat from [FIPS 200](https://doi.org/10.6028/NIST.FIPS.200)
[^9]: [NISTIR 8401](https://doi.org/10.6028/NIST.IR.8401) from [NIST SP 800-37 Rev. 2](https://doi.org/10.6028/NIST.SP.800-37r2)
[^10]: [NIST SP 800-172A](https://doi.org/10.6028/NIST.SP.800-172A) from [NIST SP 800-160 Vol. 2 Rev. 1](https://doi.org/10.6028/NIST.SP.800-160v2r1)
[^11]: [NIST SP 800-160 Vol. 2 Rev. 1](https://doi.org/10.6028/NIST.SP.800-160v2r1)
[^12]: [NIST SP 800-53 Rev. 5](https://doi.org/10.6028/NIST.SP.800-53r5) from [PL 107-56 (Patriot Act)](https://www.govinfo.gov/app/details/PLAW-107publ56)